CompSec
CompSec copied to clipboard
ouspg
Exercises for (legacy) Computer Security course in the University of Oulu
https://quitesimple.org/page/fun-gentoo-shuffle-rop-gadgets About memory allocation in general: * https://samwho.dev/memory-allocation/ * Compiler security (and memory) https://llsoftsec.github.io/llsoftsecbook/ * Cool heap allocation https://github.com/shadyfennec/stupidalloc
Re-implement some tasks to include some programmatic fuzzing on scale With at least: * https://llvm.org/docs/LibFuzzer.html * https://github.com/google/centipede * https://github.com/rust-fuzz/cargo-fuzz
Good presentation https://github.com/externalist/presentations/blob/master/2023%20Zer0con/Mobile%20Exploitation%2C%20the%20past%2C%20present%2C%20and%20future.pdf
Task 2: Might need to rewrite and combine the provided blog posts to give more straightforward instructions. Also add some notes: * Assembly code should be "perfect call" to work...
https://www.theregister.com/2022/05/30/follina_microsoft_office_vulnerability/
- https://www.amazon.de/-/en/gp/product/B076YRSWH3 - https://github.com/mvp/uhubctl - Jupyter Extension Controlling USB port power individually is possible. This could be used to resolve devices getting stuck by programmatically toggling USB port power. Linked...
Currently contains: - Week 1: - Dockerfile for tasks 1-4 with compose file to mount volumes - Week 2: - Dockerfiles for tasks 1-3 and compose to start them all...
Teaching uses? https://arstechnica.com/information-technology/2022/05/how-hackers-used-smarts-and-a-novel-iot-botnet-to-plunder-email-for-months/
https://twitter.com/0xJeremy/status/1517501223938764802 > [Jeremy Blackthorne](https://twitter.com/0xJeremy) From a VR student today on our ROP chain lessons. I'm dying 😂: "This week's been like"